This is an automated email from the ASF dual-hosted git repository.

nic pushed a commit to branch 2.6.x
in repository https://gitbox.apache.org/repos/asf/kylin.git


The following commit(s) were added to refs/heads/2.6.x by this push:
     new a75fb4c  KYLIN-4481 Project-level ACL lookups not working for 
non-admin SAML-federated users
a75fb4c is described below

commit a75fb4c6942fe3c0d610cdab91191b4a8895dd53
Author: andrewcheng <andrewch...@tencent.com>
AuthorDate: Thu May 7 16:27:44 2020 +0800

    KYLIN-4481 Project-level ACL lookups not working for non-admin 
SAML-federated users
---
 .../apache/kylin/rest/security/SAMLUserDetailsService.java    | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git 
a/server-base/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
 
b/server-base/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
index 24f8243..29583ff 100644
--- 
a/server-base/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
+++ 
b/server-base/src/main/java/org/apache/kylin/rest/security/SAMLUserDetailsService.java
@@ -22,6 +22,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsService;
 import org.springframework.security.saml.SAMLCredential;
 
@@ -46,6 +47,16 @@ public class SAMLUserDetailsService implements 
org.springframework.security.saml
         UserDetails userDetails = null;
         try {
             userDetails = ldapUserDetailsService.loadUserByUsername(userName);
+            if (userDetails instanceof LdapUserDetailsImpl) {
+                LdapUserDetailsImpl.Essence essence = new 
LdapUserDetailsImpl.Essence();
+                essence.setDn(((LdapUserDetailsImpl) userDetails).getDn());
+                essence.setUsername(userEmail);
+                essence.setPassword(userDetails.getPassword());
+                essence.setAuthorities(userDetails.getAuthorities());
+                essence.setTimeBeforeExpiration(((LdapUserDetailsImpl) 
userDetails).getTimeBeforeExpiration());
+                essence.setGraceLoginsRemaining(((LdapUserDetailsImpl) 
userDetails).getGraceLoginsRemaining());
+                userDetails = essence.createUserDetails();
+            }
         } catch 
(org.springframework.security.core.userdetails.UsernameNotFoundException e) {
             logger.error("User not found in LDAP, check whether he/she has 
been added to the groups.", e);
         }
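Review bot: The principal rebuilt inside the `instanceof LdapUserDetailsImpl` branch carries over dn, password, authorities and the two password-policy fields, but not `isEnabled()`, `isAccountNonLocked()`, `isAccountNonExpired()` or `isCredentialsNonExpired()`. A fresh `Essence` leaves those at their `true` defaults, so any disabled or locked state set by the configured LDAP mapper would be dropped for SAML logins. Seeding the builder from the loaded object avoids this: `LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence((LdapUserDetailsImpl) userDetails);` followed by `essence.setUsername(userEmail);`, keeping the two password-policy setters. It would also help to add a comment such as `// principal name becomes the SAML e-mail so project ACL entries match; authorities are still the ones LDAP returned for userName`, because the derivation of `userName` and `userEmail` is outside this hunk and the link between the two identities is what the ACL decision now rests on. The enclosing method starts and ends outside the hunk, so what happens when `userDetails` is some other type, or stays null after the catch, cannot be checked from here.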
